3dsecure.cgi

3dsecure.cgi is used when a 3D-secure authorisation should be performed. The 3Dsecure authorisation is performed by posting the cardholder (customer) to the 3dsecure.cgi script. The card information will be checked against Visa or Mastercard, and if the card number is enrolled in the 3D-secure program, the customer will be redirected to the customer's card issuer's page to perform the authentication process. If the card number is not enrolled, an authorization will be performed directly

Function call

https://payment.architrade.com/cgi-ssl/3dsecure.cgi
Permission to send card data must be activated by DIBS. Please notice that usage of 3dsecure.cgi requires a PCI certification. If you are creating payments through the API 3dsecure.cgi you need to make sure that you have the right PCI-certificate to do so.

Example

Below is an example form using the essential parameters for 3dsecure.cgi.

<form method="post" action="https://payment.architrade.com/cgi-ssl/3dsecure.cgi">
  <input type="hidden" name="merchant" Value="98765432">
  <input type="hidden" name="amount" Value="100">
  <input type="hidden" name="currency" Value="208">
  <input type="hidden" name="cardno" value="4711100000000000">
  <input type="hidden" name="expmon" Value="06">
  <input type="hidden" name="expyear" Value="24">
  <input type="hidden" name="cvc" Value="684">
  <input type="hidden" name="orderid" Value="myorderid_1234">
  <input type="hidden" name="declineurl" value="https://mypage.com/return.pml?status=declined" />
  <input type="hidden" name="cancelurl" value="https://mypage.com/return.pml?status=cancelled" />
  <input type="hidden" name="accepturl" value="https://mypage.com/return.pml?status=accepted" />
</form>

Essential input parameters

Parameter Description

amount *

The smallest unit of an amount in the selected currency, following ISO4217 (see the currency list here).

Example:

Smallest unit for EUR is "cent" thus setting 'amount="150"' leads to the amount being 1,50 EUR
Smallest unit for JPY is "yen" thus setting 'amount="150"' leads to the amount being 150 JPY

accepturl *

The URL of the page to be displayed if the purchase is approved.

You cannot use parameters in the URL. Example. ”?X=4&Y=2” The URLs have to be ”clean".

cancelurl *

The URL of the page to be displayed if the purchase is cancelled.

cardno *

Returns the full card number where all but the last 4 digits are masked.

currency *

Currency is defined using the ISO4217 standart (see the currency list here). Both numeric and upper case letter codes are accepted.
Example:

currency="SEK"
currency="752"
cvc *

Card Verification Code

declineurl *

 The URL of the page to be displayed if the purchase is denied.

expyear *

Card expiry year in one or two digits, e.g. 06 or 6 for 2006.

expmon *

Card expiry month in one or two digits, e.g. 01 or 1 for january.

md5key *

This variable enables a MD5-key control of the values received by DIBS. This control confirms that the values sent to DIBS has not been tampered with during the transfer. See how MD5 is calculated here

Note: When using MD5, the order id must be unique.

merchant *

Shop identification. The Merchant number appears in the e-mail received from DIBS during registration with DIBS or on your contract.

orderid *

The shop’s order number for this particular puchase. It can be seen later when payment is captured, and will in some instances appear on the customer’s bank statement (both numerals and letters may be used).

textreply *

Should be declared to receive the returned message in simple text format.

* Mandatory parameters

Optional input parameters

Parameter Description
HTTP_COOKIE

Cookies/sessions which are to be sent to callbackurl. Must be sent along if you are using callbackurl and depend on cookies/sessions for keeping track of the user.

account

If multiple departments utilize the same DIBS account, it may be practical to keep the transactions separate at DIBS. An account name may be inserted in this field, to separate transactions at DIBS.

To get an account, please contact the DIBS sales department.

acquirerinfo

The information added here will appear on the card holders bank statement for Handelsbanken transactions. (Cekab/Evry)

callbackurl

An optional ”server-to-server” call which tells the shop’s server that the payment was a success. Can be used for many purposes, the most important of these being the ability to register the order in your own system without depending on the customer’s browser hitting a specific page of the shop. See also HTTP_COOKIE.

You cannot use parameters in the URL, e.g. ”?X=4&Y=2”. The URL’s have to be ”clean”.

capturenow

If this field exists, a capture request is automatically carried out after the authorization, following the normal capture process of the specific acquirer.

If a transaction is marked as suspect, the automatic capture request is cancelled and you need to handle the capture.

If used, the order id has to be unique at all times.

delivery1..deliveryN

Complex order information. If both simple and complex order information (ordertext) is declared, the simple order information is then ignored. This information is stored in the DIBS administration interface.

fullreply

If this variable is set, all variables will be returned (as defined in the DIBS admin). Note: This only works when used together with textreply.

ip

DIBS retains the IP-address from which a card transaction is carried out. The IP-address is used for ’fraud control’, etc. Some implementations may send the IP-address of the shop to DIBS rather than that of the customer's machine. In order to provide the same services to shops which utilize such a program for their DIBS hookup, we offer the option of sending the “ip” parameter.

notifyurl

Some acquirers might take a period of time before the payment is accepted. This parameter can be used to specify a callback URL to get a response at a later time when the transaction is either accepted or declined. 

ordertext

Simple order information sent to DIBS in one text string. This information is displayed in the DIBS Admin interface.

ordline0-1.. ordlineN-M

This parameter is part of complex order information. If both complex and simple order information [ordertext] is declared, the simple order information will be ignored. This information is displayed in the DIBS administration interface. It is a requirement that the number of fields be identical in all lines of the order (eg. if there are four fields in the first line, the remaining lines must also contain four fields).

preauth

When preauth=true is sent as part of the request to auth.cgi the DIBS server identifies the authorisation as a ticket authorisation rather than a normal transaction. Please note that the pre-authorised transaction is NOT available among the transactions in the DIBS administration interface.

For preauth to work, DIBS has to be contacted for activation.

When using MD5 the authkey must be calculated from the string transact=12345678&preauth=true&cy=123

NOTE: You cannot use "capturenow" along with "preauth".

priceinfo1.. priceinfoN

This parameter is part of complex order information. If both complex and simple order information is declared, the simple order information is ignored.

This information is displayed in the DIBS administration interface.

test

When this field is declared, the transaction is not dispatched to the card issuer, but is instead handled by the DIBS test environment. When the shop goes live, the test system is normally disabled, and should the shop want to use the test mode at a later date the DIBS support can be contacted for reactivation.

uniqueoid

If this parameter is present, the parameter orderid has to be unique compared to all other order-ids used by the merchant.

If the orderid isn't unique, the call will be declined by a reason=7.

Note: Order numbers can be composed of a maximum of 50 characters (DIBS automatically removes surplus characters).

 

Return parameters

Payment accepted

When a transaction is successfull the following parameters are always returned to the accepturl.

ParameterDescription
approvalcode

Returns the approvalcode from the acquirer if available.

authkey

The MD5 check sum for verification of the authenticity of the transaction. This is only returned if an MD5 key is created within the DIBS administration (under installation + MD5 keys). You can read more about this here: MD5 key control.

Note: When using a payment window and the calcfee function, amount+fee is used as a basis for calculations rather the amount only.

transactThe unique DIBS identification number for the transaction.

Parameters returned if the return values are activated in the DIBS administration:

Integration / Return Values

DIBS recommend that all Return Values are activated.

ParameterDescription

acquirer

Returns he acquirer used for the specific transaction.

cardcountry

Returns the nationality of the card in "ISO 3166-1 alpha-2" standard

cardexpdate

Returns the expire date of the card in the fomat "yymm"

cardnomask

Returns the full card number where everything except the last 4 ciffor is masked.

cardprefix

Returns the 6-ciffor prefix of the card used in the transaction.

enrolled

Returns the status of 3D-enrollment in boolean (true/false).

merchantid

Returns the acquirer agreement ID.

paytype

Returns the type of payment the customer has used for a particular payment.

severity

Is returned if fraud control has noted the transaction as a potential fraud, if there is a subscription to fraud control and if this is activated in the administration interface.  The higher the amount, the more questionable the transaction.  We generally recommend closer checks of transactions with severity > 5.

Activated in the DIBS administration:

Integration / Fraud Protection
suspect

Is returned if there is a subscription to fraud control and this is activated in the administration interface (in such a case, this may have the value ”true”).

Activated in the DIBS administration in:

Integration / Fraud Protection

merchant, amount...

All parameters sent in the call are returned in the response.

?X=4&Y=2...

All custom parameters defined by the shop, is returned. Reserved words cannot be used as custom parameters.

If several parameters are declared, it should be noted that browsers use various maximum lengths of query-strings (eg. 2083 characters for IE).

 

Return parameters

Payment declined

When the payment is declined, the following parameters are always returned:

ParameterDescription
reasonReturns the reason why the payment is declined. See the reason list here

Parameters returned if the return values is activated in DIBS admin:

Integration / Return Values

DIBS recommend that all Return Values are activated.

ParameterDescription

merchant, amount...

All parameters sent in the call are returned in the response.

?X=4&Y=2...

All custom parameters defined by the shop are returned. Reserved words cannot be used as custom parameters.

If several parameters are declared, it should be noted that browsers use various maximum lengths of query-strings (eg. 2083 characters for IE).

 

Do you have a question or need help?
Follow us
DIBS Payment Services
Stockholm +46 (0)8-527 525 00
Göteborg +46 031-600 800
København +45 7020 3077
Oslo +47 21 55 44 00